Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Fortinet Vulnerabilities
Alerts

Active Exploitation of Fortinet Vulnerabilities

6 April 2021

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released a Joint Cybersecurity Advisory to warn that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities.

Successful exploitation of the vulnerabilities could allow an attacker to take control of the affected systems and gain a foothold inside the targeted networks to conduct further malicious activities.

These vulnerabilities are:

  • CVE-2018-13379: A path traversal vulnerability in the FortiOS Secure Sockets Layer (SSL) Virtual Private Network (VPN) web portal may allow an unauthenticated attacker to download FortiOS system files through specially crafted Hypertext Transfer Protocol (HTTP) resource requests.

  • CVE-2019-5591: Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

  • CVE-2020-12812: An improper authentication vulnerability in SSL VPN in FortiOS may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username.

Administrators and users of the affected products are advised to upgrade to the latest firmware immediately.

More information is available here:

https://www.ic3.gov/Media/News/2021/210402.pdf

https://www.fortiguard.com/psirt/FG-IR-18-384

https://www.fortiguard.com/psirt/FG-IR-19-037

https://www.fortiguard.com/psirt/FG-IR-19-283

Back to top